Mobile authentication in mobile virtual network

US 10,063,998 B2
Filed: 11/05/2015
Issued: 08/28/2018
Est. Priority Date: 11/07/2014
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium storing instructions that, when executed by one or more computer processors of a server, cause the server to:

receive a request to register one or more mobile devices with a mobile virtual network operator (MVNO)-hosted mobile authentication platform;

store mobile devices data for the one or more registered mobile devices and user profile data by the MVNO-hosted mobile authentication platform;

establish a dedicated connection for routing requests from carrier networks through the MVNO-hosted mobile authentication platform for the one or more registered mobile devices to an enterprise network managed by the server;

receive, from a portion of the MVNO-hosted mobile authentication platform residing on a mobile device, an access request to access the enterprise network through the dedicated connection;

determine if the access request is received from a member of the enterprise network through the one or more registered mobile devices;

gather device data for the mobile device from the mobile devices data for the one or more registered mobile devices using the access request received from the mobile device, the device data for the mobile device including a mobile device network identifier of the mobile device making the request, the MVNO hosted mobile authentication platform configured to maintain a database of network identifiers assigned to mobile devices of registered members of the enterprise network, the mobile device network identifier being unique to the mobile device and the mobile device network identifier is assigned to the mobile device based on one or more mobile authentication factors for the mobile device;

receive, from the mobile device, a resource request to access a resource through the enterprise network;

extract, from the resource request, one or more resource request factors;

authenticate the mobile device when the one or more mobile authentication factors respectively correspond with the one or more resource request factors; and

provide the mobile device access to the enterprise network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and non-transitory computer-readable storage media for using mobile network authentication factors to authenticate a mobile device.

20 Citations

20 Claims

1. A non-transitory computer-readable medium storing instructions that, when executed by one or more computer processors of a server, cause the server to:
- receive a request to register one or more mobile devices with a mobile virtual network operator (MVNO)-hosted mobile authentication platform;
  
  store mobile devices data for the one or more registered mobile devices and user profile data by the MVNO-hosted mobile authentication platform;
  
  establish a dedicated connection for routing requests from carrier networks through the MVNO-hosted mobile authentication platform for the one or more registered mobile devices to an enterprise network managed by the server;
  
  receive, from a portion of the MVNO-hosted mobile authentication platform residing on a mobile device, an access request to access the enterprise network through the dedicated connection;
  
  determine if the access request is received from a member of the enterprise network through the one or more registered mobile devices;
  
  gather device data for the mobile device from the mobile devices data for the one or more registered mobile devices using the access request received from the mobile device, the device data for the mobile device including a mobile device network identifier of the mobile device making the request, the MVNO hosted mobile authentication platform configured to maintain a database of network identifiers assigned to mobile devices of registered members of the enterprise network, the mobile device network identifier being unique to the mobile device and the mobile device network identifier is assigned to the mobile device based on one or more mobile authentication factors for the mobile device;
  
  receive, from the mobile device, a resource request to access a resource through the enterprise network;
  
  extract, from the resource request, one or more resource request factors;
  
  authenticate the mobile device when the one or more mobile authentication factors respectively correspond with the one or more resource request factors; and
  
  provide the mobile device access to the enterprise network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The non-transitory computer-readable medium of claim 1, wherein an operator of a mobile virtual network manages the server.
  - 3. The non-transitory computer-readable medium of claim 1, wherein the one or more mobile authentication factors at least include a unique subscriber identification module (SIM) number, and wherein the server authenticates the mobile device when one of the one or more resource request factors is the SIM number.
  - 4. The non-transitory computer-readable medium of claim 1, wherein the one or more mobile authentication factors at least include an application layer-derived device location identification, and wherein server authenticates the mobile device when one of the one or more resource request factors is a baseband-derived location identification that matches the application layer-derived device location identification.
  - 5. The non-transitory computer-readable medium of claim 1, wherein the one or more mobile authentication factors at least include a location identifier based derived using a location of one or more mobile towers in the proximity of the device, and wherein server authenticates the mobile device when one of the one or more resource request factors is a cellular tower triangulated location identification that matches the location identifier based derived using a location of one or more mobile towers in the proximity of the device.
  - 6. The non-transitory computer-readable medium of claim 1, wherein the instructions further cause the server to:
    - request that a user of a mobile device opt-in to allowing the server to access personal location data on the user mobile device;
      
      receive confirmation that the user agrees to opt-in to allowing the server to access personal location data on the user mobile device; and
      
      upon receiving a resource request to access a resource through the enterprise network, accessing the user personal location data as the resource request factor,wherein the one or more mobile authentication factors at least include an application layer-derived device location identification, and wherein the server authenticates the mobile device when the application layer-derived device location identification matches the user personal location data.
  - 7. The non-transitory computer-readable medium of claim 6, wherein the user personal location data includes one or more of a user residence, a user frequent location, a location in the user calendar, a location learned from a travel application on the mobile device, and a location determined based on contextual data in the mobile device.
  - 8. The non-transitory computer-readable medium of claim 1, wherein the instructions further cause the server to:
    - determine, based on the mobile device network identifier of the mobile device, an enterprise identification information that describes one or more permission given to a user of the mobile device for accessing resources in the enterprise network;
      
      retrieve the requested resource when the mobile device network identifier indicates the user of the mobile device has permission to access the access-restricted resource.
  - 9. The non-transitory computer-readable medium of claim 1, wherein the one or more mobile authentication factors at least include a device type, and wherein server authenticates the mobile device when one of the one or more resource request factors is the device type.
  - 10. The non-transitory computer-readable medium of claim 1, wherein the one or more mobile authentication factors at least include an operating system, and wherein the server authenticates the mobile device when one of the one or more resource request factors is the operating system.

11. A computer-implemented method comprising:
- receiving a request to register one or more mobile devices with a mobile virtual network operator (MVNO)-hosted mobile authentication platform;
  
  storing mobile devices data for one or more registered mobile devices and user profile data by the MVNO-hosted mobile authentication platform;
  
  establishing a dedicated connection for routing requests from carrier networks through the MVNO-hosted mobile authentication platform for the one or more registered mobile devices to an enterprise network managed by a server;
  
  receiving, in the server from a portion of the MVNO-hosted mobile authentication platform residing on a mobile device, an access request to access the enterprise network through the dedicated connection;
  
  gathering device data for the mobile device from the mobile devices data for the one or more registered mobile devices using the access request received from the mobile device, the device data for the mobile device including a mobile device network identifier of the mobile device making the request, the MVNO hosted mobile authentication platform configured to maintain a database of network identifiers assigned to mobile devices of registered members of the enterprise network, the mobile device network identifier being unique to the mobile device and the mobile device network identifier is assigned to the mobile device based on one or more mobile authentication factors for the mobile device;
  
  receiving, from the mobile device, a resource request to access a resource through the enterprise network;
  
  extracting, from the resource request, one or more resource request factors;
  
  authenticating the mobile device when the one or more mobile authentication factors respectively correspond with the one or more resource request factors; and
  
  providing the mobile device access to the enterprise network.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The computer-implemented method of claim 11, wherein an operator of a mobile virtual network manages the server.
  - 13. The computer-implemented method of claim 11, wherein the one or more mobile authentication factors at least include a unique subscriber identification module (SIM) number, and wherein authenticating the mobile device comprises determining that one of the one or more resource request factors is the SIM number.
  - 14. The computer-implemented method of claim 11, wherein the one or more mobile authentication factors at least include an application layer-derived device location identification, and wherein authenticating the mobile device comprises determining that one of the one or more resource request factors is a baseband-derived location identification that matches the application layer-derived device location identification.
  - 15. The computer-implemented method of claim 11, wherein the one or more mobile authentication factors at least include a location identifier based derived using a location of one or more mobile towers in the proximity of the device, and wherein authenticating the mobile device comprises determining that one of the one or more resource request factors is a cellular tower triangulated location identification that matches the location identifier based derived using a location of one or more mobile towers in the proximity of the device.
  - 16. The computer-implemented method of claim 11, further comprising:
    - requesting that a user of a mobile device opt-in to allowing the server to access personal location data on the user mobile device;
      
      receiving confirmation that the user agrees to opt-in to allowing the server to access personal location data on the user mobile device; and
      
      upon receiving a resource request to access a resource through the enterprise network, accessing the user personal location data as the resource request factor,wherein the one or more mobile authentication factors at least include an application layer-derived device location identification, and wherein authenticating the mobile device comprises determining that the application layer-derived device location identification matches the user personal location data.
  - 17. The computer-implemented method of claim 14, wherein the user personal location data includes one or more of a user residence, a user frequent location, a location in the user calendar, a location learned from a travel application on the mobile device, and a location determined based on contextual data in the mobile device.
  - 18. The computer-implemented method of claim 11, wherein the one or more mobile authentication factors at least include an operating system, and wherein the server authenticates the mobile device when one of the one or more resource request factors is the operating system.

19. A system comprising:
- one or more servers configured to host a mobile virtual network for an enterprise for providing a dedicated connection between a plurality of mobile devices and enterprise resources;
  
  a non-transitory computer-readable medium storing instructions that, when executed by one or more computer processors of a server, cause the one or more servers to;
  
  receive a request to register one or more mobile devices with a mobile virtual network operator (MVNO)-hosted mobile authentication platform;
  
  store mobile devices data for the one or more registered mobile devices and user profile data by the MVNO-hosted mobile authentication platform;
  
  establish a dedicated connection for routing requests from carrier networks through the MVNO-hosted mobile authentication platform for the one or more registered mobile devices to an enterprise network managed by the one or more servers;
  
  receive, from a portion of the MVNO-hosted mobile authentication platform residing on a mobile device, an access request to access the enterprise network through the dedicated connection;
  
  gather device data for the mobile device from the mobile devices data for the mobile devices using the access request received from the mobile device, the device data for the mobile device including a mobile device network identifier of the mobile device making the request, the MVNO hosted mobile authentication platform configured to maintain a database of network identifiers assigned to mobile devices of registered members of the enterprise network, the mobile device network identifier being unique to the mobile device and the mobile device network identifier is assigned to the mobile device based on one or more mobile authentication factors for the mobile device;
  
  receive, from the mobile device, a resource request to access a resource through the enterprise network;
  
  extract, from the resource request, one or more resource request factors;
  
  authenticate the mobile device when the one or more mobile authentication factors respectively correspond with the one or more resource request factors; and
  
  provide the mobile device access to the enterprise network.
- View Dependent Claims (20)
- - 20. The system of claim 19, wherein the one or more mobile authentication factors at least include an operating system, and wherein the server authenticates the mobile device when one of the one or more resource request factors is the operating system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tevnos LLC
Original Assignee
Tevnos LLC
Inventors
Jacobson, Stuart Alexander, Goldbard, Joshua
Primary Examiner(s)
Schmidt, Karl L
Assistant Examiner(s)
Mohammadi, Fahimeh

Application Number

US14/934,051
Publication Number

US 20160134624A1
Time in Patent Office

1,027 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0853   using an additional device,...

H04L 63/0876   based on the identity of th...

H04L 63/168   above the transport layer

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/30   Security of mobile devices;...

H04W 12/63   Location-dependent; Proximi...

H04W 12/68   Gesture-dependent or behavi...

H04W 4/02   Services making use of loca...

Mobile authentication in mobile virtual network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

20 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Mobile authentication in mobile virtual network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links